Amazon Launches Private Bug Bounty Programme to Harden Nova Foundation Models

Amazon has announced the launch of a private AI bug bounty programme targeting its Nova foundation models and associated applications.

“Security researchers are the ultimate real-world validators that our AI models and applications are holding up under creative scrutiny,” said Hudson Thrift, CISO of Amazon Stores.

The invite-only initiative aims to engage security researchers and academic teams in identifying and resolving vulnerabilities in the company’s AI stack, particularly as Nova models are increasingly deployed across Amazon’s ecosystem.

“We believe the best way to make our models stronger and more secure is to partner with the broader community,” said Rohit Prasad, Senior Vice President of Artificial General Intelligence at Amazon. “By opening up Nova to external testing, we’re reinforcing our commitment to safety, transparency, and continuous improvement.”

The programme runs alongside Amazon’s public bug bounty framework, which to date has generated over 30 validated findings and issued more than $55,000 in rewards.

Participants in the private track will probe risks such as prompt injection, model jailbreaks, and scenarios involving assistance with chemical, biological, radiological, and nuclear (CBRN) threats. Rewards range from $200 to $25,000, depending on severity.

The private initiative kicks off with a live event at Amazon’s Austin campus and will expand to select researchers and academic partners in early 2026.

Outside the private track, external researchers can continue to report AI issues via Amazon’s public “Gen AI Apps” category.

With Nova models powering Amazon products like Alexa and AWS Bedrock applications, the new bug bounty marks a strategic push to embed security early in the model lifecycle.